Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: [FW1] strange behavior
From: zeck @ contact . com . sg (Zeck Lim)
Organization: CONTACT Sembawang Media
Date: Thu, 13 Feb 1997 07:51:29 +0800
To: Dave Sroelov <dsroelov @ pacbell . net>
Cc: fw-1-mailinglist @ us . checkpoint . com, firewalls @ GreatCircle . COM
References: <199702120205 . SAA19599 @ althea . Ebay . Sun . COM> <3302163E . 7200 @ pacbell . net>
Reply-to: zeck @ contact . com . sg

Dave Sroelov wrote:
> 
> being somewhat new to FW-1 i have come across something that is a little
> strange.  if i set up a policy with one rule that says to reject all
> packet types from source=any to destination=any and log everything, why
> does ping still work?
> 
> if i specifically add a rule to block icmp packets then ping stops.  i
> would think that blocking 'all' packet types would block everything that
> FW-1 knows about, and it knows about icmp.
> 
>         dave

Hi Dave,

One of the things FW-1 checks, BEFORE the Rule Base, is the Security
Policy. You may like to disable the ping option in that. Alternatively,
you can set it as "last", where it will be processed last, after the
Rule Base.

cheers!
-- 
Zeck Lim
Systems Engineer (UNIX/Security)               Tel: 65-4330469
Contact Sembawang Media Pte Ltd                Fax: 65-4330433

